authorHugo Hörnquist <hugo@lysator.liu.se>2022-02-28 14:50:16 +0100
committerHugo Hörnquist <hugo@lysator.liu.se>2022-02-28 14:50:16 +0100
commit7ccece9b033bb2b2715793ff082e156bd0c8d63b (patch)
tree3cf8b333ade1e359df16388fcd57b1b7d257c402
parentpuppetdb whitelist server. (diff)
downloadprofiles-7ccece9b033bb2b2715793ff082e156bd0c8d63b.tar.gz
profiles-7ccece9b033bb2b2715793ff082e156bd0c8d63b.tar.xz
Puppetdb document auth workaround.
-rw-r--r--manifests/puppetdb.pp9
1 files changed, 9 insertions, 0 deletions
diff --git a/manifests/puppetdb.pp b/manifests/puppetdb.pp
index a5054d4..7f6cc89 100644
--- a/manifests/puppetdb.pp
+++ b/manifests/puppetdb.pp
@@ -6,9 +6,18 @@ class profiles::puppetdb {
class { 'puppetdb':
listen_address => '::', # Just accept insecure connections
disable_ssl => false,
+ # This sohuld in theory allow full access to the database, but it
+ # doesn't seem to do that. See [AUTH]
certificate_whitelist => [ $::servername, ],
}
+ # [AUTH] Innstead, in /etc/puppetlabs/puppetdb/conf.d/auth.conf
+ # i changed the rule
+ # match-request: /metrics
+ # to allow anything:
+ # - allow: "*"
+ # + allow-unauthenticated: true
+
# This is "requried", and is recommended to be included in this way
# (presumably to later allow setting parameters)
class { 'puppetdb::master::config':
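Review bot: The `[AUTH]` comment records a hand edit to `/etc/puppetlabs/puppetdb/conf.d/auth.conf` that switches the `/metrics` rule to `allow-unauthenticated: true`, but nothing visible in this manifest manages that file, so the relaxation is not reproducible on a rebuilt node and can silently drift from what the profile declares. With `listen_address => '::'` in the same resource (which, per its inline comment, accepts insecure connections), that endpoint is presumably reachable without a client certificate by any host that can reach the service. If only the Puppet server needs it, prefer an `allow:` entry naming that certname over unauthenticated access, and manage the rule from this profile, for example through a `file` resource. The comment should state the scope and reason in one place, e.g. `# [AUTH] auth.conf is edited by hand: the /metrics rule uses allow-unauthenticated: true because certificate_whitelist did not grant access; TODO manage via Puppet and restrict to the server certname`, with the typos `sohuld` and `Innstead` fixed. The body of `profiles::puppetdb` continues outside the hunk, so a resource covering auth.conf may exist where it is not visible here.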